
Is Your Biometrics Security Compromised?


Introduction

Hello Readers!

Welcome to Explicit Ideas, a place where ignited minds come to get healthy, wealthy, and wise!

If you have not subscribed to our website, then you are missing out.

Biometric security has become a mainstream norm of authentication and login security.

It’s convenient, unique, and user friendly, but it also could be the most stupid security token you could use.

This article will discuss a fundamental problem when one’s biometric security itself is compromised!

This leads to an exceedingly demanding situation. 

Let’s dive into the topic “Is Your Biometrics Security Compromised?” without wasting any time.

Consider this!

If somebody steals your password, all you need to do to secure your account is change the password, but what if somebody steals your fingerprint?


You leave your fingerprint everywhere. 

You can’t change it, and yet you are encouraged to use it as a security token. 

Fingerprints or facial recognition can generate a stronger security key than a bad password when it comes to pure entropy.

Weak Password?

The problem is that if someone has a lousy password practice, you can teach them to do better, but you can’t change their face, well, without help from a bear wrestler from Dagestan.

The real promise of biometric security stands and falls on how easy it is to replicate and abuse biometric models, and the short answer is: it’s a cat-and-mouse game.

Why? On a long enough timeline, someone will be able to recreate a copy of your face or fingerprints that works well enough to fool the authenticating system. Once your biometric data is compromised, it affects all applications at once, and you will be affected for the rest of your life.

Enterprise-level multi-factor biometric systems could improve the security of the premises, but consumer-grade biometric authentication is more of a convenience measure than a security enhancement.

Apple’s Touch ID – A Failed Saga?

When Apple first released Touch ID for the iPhone in 2013, it was touted as the next step in the evolution of secure authentication.

In just 24 hours, hackers found a cheap solution to break it! 

A photograph of your fingerprint taken from a glass surface, such as the iPhone itself, is enough to recreate a replica that Apple’s Touch ID would accept as a genuine finger.

This complete process takes just about 30 minutes, flat!

Now, you may think this still reduces your attack surface because hackers must get physical access to your device and a fingerprint.

But boy! It’s way worse than that. 

How Did the Hackers Manage It?

Security researchers attending the annual Black Hat hacker convention in Las Vegas have bypassed the iPhone Face ID user authentication in just 120 seconds.

The way they did it may well surprise you, but should it worry you as well?

Black Hat?

Black Hat is always guaranteed to produce some exciting security headlines, and this year’s convention certainly hasn’t disappointed. 

Everything from a demonstration of how WhatsApp messages can be intercepted and manipulated to Microsoft confirming it had paid hackers $4.4 million (£3.6 million), for example. 

However, for sheer ingenuity and that “WTF” factor, what the researchers from Tencent did is hard to beat.

The researchers found a flaw in the liveness detection function of the biometric authentication system that Apple uses for unlocking an iPhone using FaceID.

During the session, Threatpost reported, the researchers said that “Liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture.”

This is to get around the problem that so many biometric ID systems suffer from hackers bypassing the authentication with the help of wax hands or 3D-printed heads. It’s clever stuff and will prevent someone from unlocking an iPhone while the owner is asleep, for example.

Except it doesn’t. 

Assuming you can follow the hacking process demonstrated by Tencent, which is unlikely in most scenarios.


The method isn’t unusual and has that wow factor, but it would be difficult to pull off in the real world. 

It would be a lot easier to access a TouchID-protected iPhone using the finger of a sleeping victim.

All these kinds of hacks require physical access to both the device and the unresponsive owner. Ironically, I don’t think you need to lose too much sleep over this one. 

An excellent video by the Wall Street Journal demonstrates how fingerprint ID is hacked, shown below.


How do Hackers play with Face ID Biometrics?

The researchers discovered that the FaceID liveness process wouldn’t extract full 3D data from the area around the eye if it recognizes the owner is wearing glasses.

Instead, it looks for a black area for the eye with a white point for the iris.

So the researchers created a pair of spectacles with white tape covered by black tape in the center.

A hole in the black tape allowed the “white point” to be visible to FaceID.

This is enough to fool FaceID and unlock the iPhone.

But it’s also the last time you can use the word “simply” in connection with the hack.

Sure, the researchers showed how they placed the “X-glasses” onto a “sleeping” victim, unlocked the iPhone, and managed to transfer money using mobile payment. But you try and do that in the real world.

It’s not impossible by any means, but it does require a sleeping or unconscious victim who happens to have an iPhone protected with FaceID and who won’t wake up when you are stuffing a pair of specs onto their face.

Playing with Photos!

Even just a high-resolution photo of your hands will give hackers enough data to construct a fake fingerprint. 

A German hacker used press photographs of Germany’s defence minister to duplicate her fingerprints.

A quick scan of their photos posted all over social media may give hackers precisely what they need to achieve that.


Now before you start scrolling through your social media to delete any photo that has your fingertips facing the camera, let me reassure you that it’s already too late, your fingerprint may be all over the Internet, and there is nothing you can do about it.

What did the researchers do?

The researchers were able to demonstrate that they could bypass the FaceID user authentication and access the iPhone of the victim in less than 120 seconds. To do so, they needed three things: a pair of spectacles, some tape and, erm, a sleeping or unconscious iPhone user.

An excellent video by the Wall Street Journal demonstrates how Face ID is hacked, which is shown below.

(Source: https://www.forbes.com/sites/daveywinder/2019/08/10/apples-iphone-faceid-hacked-in-less-than-120-seconds/#2ebd9a4821bc)

Remember!

You have to remind yourself that your phone isn’t the only thing that has your fingerprints. 

Your biometric data is most likely stored on multiple databases that often act as lucrative targets for hackers.

Kaspersky found that malware attacks targeted up to a third of biometric systems that store biometric data. 

Further analysis showed an emerging market for mass-distributed malware aimed at stealing biometric models from banks and financial systems.

If you are rich or dumb, you spend a thousand dollars on an iPhone with Face ID. And Face ID is ten times better than Touch ID because there is a liveness detector, and you are not going around slamming your face all over the place.

You believe the complete sense of security Apple gives you by claiming your facial recognition data is only stored on your iPhone. 

Apple’s Face ID is among the most secure facial authentication systems available for consumers, but your iPhone is not the only device that can scan your face. 

Facial recognition can be used anywhere without your consent.

Taylor Swift used a kiosk that showed her rehearsal clips to entertain fans, which disguised its true purpose of using facial recognition to identify her stalker.

Facial Profiling

Advertisers use facial recognition in public places where banners and posters can identify you and even link to your social media accounts. 

As you are shifting from one foot to the other at a bus stop, a facial recognition banner can get detailed scans of your face from all angles, more than enough to craft a perfect copy of your face.

Even Vimeo, a video hosting site, was sued for using people’s facial biometrics and storing this data taken from their videos without their consent. 

You could easily be socially engineered into rotating your face in front of a hidden camera while staring into banners somewhere in a mall right next to an Apple Store. 

Hackers are very patient people, and cybercrime is a multi-trillion-dollar business.

Your facial biometrics is a lucrative target.

Apple’s Face ID security is majestically falling apart as researchers and hackers get crafty in tricking Face ID using 3D printing of facial models in V.R. systems to perform facial animation.

Hackers can make masks that look hideous to the human eye, but they are good-looking enough to fool Face ID, and if you are on a budget Android phone using some form of face unlock, the situation is even worse for you.

The accurate 3D depth sensor in the iPhone 10 has a price tag of $60 per unit.

This is prohibitively costly for budget Android vendors, so they default to much less secure mechanisms that are even easier to fool than Apple’s Face ID.

Social Media Blues!

In the age of social media, surveillance cameras, and algorithmic marketing, your face is virtually everywhere, and the biometric data generated from it is stored in remote data centres with pathetic security.

The breach is not a matter of If but When! 

Cyber Attacks

In 2015, the U.S. Office of Personnel Management suffered a severe cyberattack, in which the fingerprints of 5.6 million people associated with the U.S. government were stolen.

In the U.K., more than a million people’s fingerprints and facial recognition data were found in unencrypted form on a publicly available database, exposed through an unsophisticated attack vector.

Researchers were able to access a total of 27.8 million records filled with biometric information and login credentials. Among the most alluring targets of profit-seeking hackers are major airlines.

In cooperation with airport security and border control, airlines also rely on facial recognition to facilitate the process of travel and boarding. 

Price of Security!

Convenience comes at the price of security.

The Cathay Pacific breach exposed the data of 9.4 million customers in 2018.

British Airways, meanwhile, faced a record-breaking fine of 183 million pounds by the European Union for exposing passport, credit card, and other personal details of 500,000 customers.

On top of that, biometric security will always be susceptible to false rejection and acceptance rates. 

In the former case, you might downgrade to a less secure authentication mechanism to bypass the faulty recognition system.

Most phones with fingerprint sensors or face unlock features, including the iPhone, offer a backup solution to unlock your phone through a PIN or passcode, which means your phone is only as secure as the secondary unlocking mechanism, which for most non-security-minded people is not secure at all.

False positives among family relatives, including twins, parents and their children, and siblings, are not uncommon and significantly increase your attack surface.

Your close relatives may share just enough similarities in their faces to confuse facial recognition. 

On the other hand, they all might be using different PINs or passcodes that are not known to one another.

Unlike passwords, biometric data will always have a greater than zero probability of false negatives and false positives. 

Biometrics is just a long password, and just like long passwords, it can eventually be brute-forced.
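The trade-off between false acceptance and false rejection described above can be made concrete with a small added example; it is not part of the original article. The similarity scores, thresholds, and function names are all constructed for illustration and do not come from any real sensor or vendor.

```python
# Added illustration (not from the original article): a biometric matcher
# accepts when a similarity score clears a threshold, so it always trades
# false accepts against false rejects. All scores below are constructed.

# Owner's fresh scans compared with the owner's enrolled template.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.86, 0.93, 0.72, 0.90, 0.84, 0.97]
# Other people (e.g. a look-alike relative at 0.81) against the same template.
IMPOSTOR = [0.12, 0.35, 0.48, 0.27, 0.81, 0.55, 0.19, 0.74, 0.40, 0.62]
THRESHOLDS = [0.60, 0.70, 0.75, 0.80, 0.85, 0.90]


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) for an accept-if-score >= threshold matcher."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_threshold(thresholds=THRESHOLDS):
    """Threshold at which FAR and FRR are closest (the equal error point)."""
    return min(thresholds, key=lambda t: abs(rates(t)[0] - rates(t)[1]))


def p_any_false_accept(far, attempts):
    """Chance that at least one of `attempts` independent impostor tries passes."""
    return 1 - (1 - far) ** attempts


def attempts_allowed(far, max_risk):
    """Largest retry limit that keeps cumulative false-accept risk <= max_risk."""
    if far <= 0:
        return float("inf")  # a matcher that never false-accepts needs no cap
    n = 0
    while p_any_false_accept(far, n + 1) <= max_risk:
        n += 1
    return n


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t in THRESHOLDS:
        far, frr = rates(t)
        print(f"{t:9.2f}  {far:.2f}  {frr:.2f}")
    print("equal error threshold:", equal_error_threshold())
    print("P(false accept in 5 tries, FAR 0.1):", round(p_any_false_accept(0.1, 5), 5))
    print("retries allowed for <=25% risk:", attempts_allowed(0.1, 0.25))
```

Raising the threshold pushes false accepts down and false rejects up, and every extra retry a device allows compounds the false-accept risk, which is why retry limits and the strength of the fallback passcode matter as much as the sensor.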

The best use of your biometrics is as part of multi-factor authentication, where you have to enter something you know, something you have, and something you are. 

No modern smartphones offer this level of protection. 

Security tokens such as authentication USB keys from Yubico or Nitrokey are still the most secure way of authentication because they are the least replicable, if at all, as far as we know.

For device encryption, the long-established passcode still prevails. The longer the passcode is, the stronger the security of the encryption key.

In many jurisdictions, the police may unlock your phone by forcefully using your fingers or your face. Still, in the U.S., you can invoke the Fifth Amendment to refuse to give out your password because you can’t be compelled in any criminal case to be a witness against yourself.

Strong Passwords or Passcodes

Biometric security as a one-off authentication event isn’t going to be more secure than a strong passphrase or multi-factor authentication. 

A truly secure biometric implementation would be continuous pattern recognition that constantly scans our behaviour, gait, keystrokes, movement, voice, face, and fingerprints.

For now, we will end this article with a quote from the German hacker group that broke Apple’s Touch ID in 24 hours.

“It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token”.

To explain this issue in more detail, Team Explicit Facts has also covered government surveillance through smartphone tracking in another article, Is your smartphone being Tracked? Beware!

What to do?

Our other related articles, Best Tricks to Protect Your Online Privacy (Part 1) and Best Tricks to Protect Your Online Privacy (Part 2), cover some general privacy-related things on the Internet to be aware of, including website policies and targeted advertising practices.

Then, we’ll teach you some basic and advanced methods of staying private on the Internet and explain why doing these things protects your online privacy. 

In the article Best Tricks To Protect Your Smartphone Security (Part 1), we will explain how you can save your online privacy by increasing your smartphone’s security.

Lastly, we’ll go over some of the neat technologies that help keep your online life strictly your own business.

Thank you for spending some time with us!

We at Explicit Ideas want our followers to stay safe with mental peace and zero impact through the enhanced knowledge base.

So, stay safe and keep reading our articles.


Now, before you leave our website, we are curious.

Do you agree with our article “Is Your Biometrics Security Compromised?”?

Do you agree with our worry about the weaknesses involved with biometric security passwords?

What is the solution to this problem?

Share your story with us in the comment section below. We will be right there with you.

Disclaimer

This article is intended for any person looking to work online and needs to follow all legal requirements set out in their individual countries. This article is not intended or made for kids in any way. If you have any questions, please ask in the comments or contact us at [email protected]!

Earnings Disclaimer. This article is for educational purposes only. We have taken reasonable steps to ensure that the information in this article is accurate, but we cannot represent that the website(s) mentioned in this article are free from errors. You expressly agree not to rely upon any information contained in this article.

Affiliate Disclosure. This article and description may contain affiliate links, which means that if you click on one of the product links, we’ll receive a small commission. We won’t put anything here that we haven’t verified and/or personally used ourselves.

Courtesy:- www.youtube.com

Apple Support

Forbes – Apple iPhone Face id hacked in less than 120 seconds

Forbes – Whatsapp hack attack changes your messages and Facebook doesn’t seem to care

Forbes – Microsoft confirmed that they paid US$ 44 to their hackers!

Forbes – How a wax hand AI fingerprints and 3D printed face broke biometric security in 2018?
